News analysis: Social media data security under the spotlight

By Aasha Bodhani

Published Thursday, August 29, 2013

In 1999, Friends United first hit the social media radar, shortly followed by MySpace, Facebook, Twitter and most recently Snapchat and Vine. Initially designed for social interaction, social media channels now process other traits.

Millions of users can potentially shape and impact political agendas, worldwide news and dictate the way individuals think, creating a ‘new online world’. However, could this phenomenal boost change if governments legislate a ‘big brother’ style of social media monitoring?

This is the present issue in the US, as the Barack Obama administration is close to announcing its support for a law that would enforce the likes of Google+, Facebook and Twitter to build back doors into their software for government wiretaps. Traditionally, wiretapping refers to telephone usage but as conversations occur over the Internet in real-time the term has broadened.

The UK government is also in favour of this and in 2012 the Home Office announced it will be introducing a new law enabling security services to extend monitoring rights. However, wiretapping, monitoring, or snooping, all project a sense of unease and users may feel their right to freedom of speech could be hindered.

Even so, the Federal Bureau Investigations argues that the Communications Assistance for Law Enforcement Act of 1994 provides the legal authority it requires to monitor social media sites, messaging platforms and Web-based email. In order to achieve this, and if the legislation is enforced, social media companies will be able to build their own wiretapping technologies based on individual software structure, providing relevant information can be accessed by government officials. Social media platforms once had the power and leverage to reject this request, but if the legislation is passed companies failing to comply could face heavy fines or judicial inquires.

Why is this big brother approach necessary? “The most commonly asserted reason is for public safety purposes,” explained Ovum analyst Nishant Shah. “Sophisticated law enforcement and intelligence agencies can piece together a lot from information that individuals and groups create across the many social media channels – background, context, travel, motive, timing, accomplices and myriad other things.”

He added: “Entities often unknowingly leave behind a trail of ‘digital exhaust’ that can be combined with existing data the intelligence agencies may already have, as well as crowd-scoured information from the public, to yield strong leads in cases or produce ‘early warnings’ of potential threats.”

With tonnes of information uploaded onto social media sites every day, there is a high possibility that not all content is real or factually correct. With this in mind, Shah said: “Often, when data is collected from social media channels, its context is lost. Thus, aggregating data with different contextual schemas may lead to faulty conclusions.

“There are plenty of examples on Twitter, for instance, of false images being circulated that went viral and led to the dissemination of wrong information. It’s also not always easy to detect sarcasm or other aspects of ‘natural language’. However, most folks that work on these issues understand these qualities of social media data, and take steps to correct them or at least interpret results with a grain of salt.”

There is another twist to the social media data debate; what happens to a user’s data once they pass away? Entrustet, a US digital asset planning company, found in 2011 that three US Facebook users pass away every minute. Living in a ‘new online world’ it is necessary to consider where the data will go, although Ovum’s Shah said there is no strong consensus for this yet.

“There are lots of preliminary considerations: is the user’s data behind a password and therefore only accessible to some people? What type of data is it, and how ‘sensitive’ is it? What is the social media platform’s ability to store all data from users who have passed away? Who actually owns the data?”

He added: “Based on the answers to those questions, we would have to ask: what are the user’s preferences with regards to their digital assets? What is the role of their families’ preferences? What if the preferences clash with vaguely stated policies regarding data after death? There are lots of complications to the question of social media profile information upon death.”

With many proposals to consider, dealing with social media data after death will take time, not only for social media companies to implement, but also for individuals and external parties to understand and form policies.

“Generally, legal systems tend to be far behind changes wrought by technology; it’s no different here,” said Shah. “The estate planning community is also not particularly forward-thinking from a technology perspective, and clauses added to wills referencing digital assets haven’t had much time to be tested in courts given the relatively recent nature of the problem.”